duanlinpi0265 2018-05-19 15:15
浏览 82
已采纳

PHP MySQL使用两个SESSION提交

I have a webshop, user will buy something When the user visit the my web, their data will be saved temporarly in a variable $user as an array It will be checked when the user buy something, if their balance is more or equal to the things that they want to buy, but the problem arise when there are some users that try to use two browsers to buy things at the same times, their balance just cut once (it should be twice, since they buy it twice using two browsers)

I know I can just update the $user variable before checking, but I will have to run another query to MySQL, and there is many orders ...

Is there any SQL syntax that can be used to prevent this kind of attack? for checking their balance and make sure it's correct

  • 写回答

1条回答 默认 最新

  • dongpu4141 2018-05-19 15:43
    关注

    Based on your current setup (ie using a variable):

    Someone using two browser on the same site trying to use up their balance is going to be fairly rare, with most cases someone trying to game your system.

    Just finally check their balance at the point of processing the order and if ok allow it, otherwise don't. For those doing it by accident (which is rare), they'll soon realise the error.

    An alternative:

    It'd be better to check the real data rather than a variable which isn't reliable and has to be forced to be persistent, and as you know not available in different sessions.

    I think a better way would be to use some fast centralised persistent storage like Redis (fairly easy to learn, essentially it's an array stored in memory). You can then store their username (or whatever uniquely IDs them) and while they may have different keys across the two browsers, there will be a common unique ID and you can update their credit value in both (all) sessions by searching for the unique ID.

    Then whatever browser that user is logged in to will be updated same as other browsers.

    Maybe a better idea:
    Unless your application needs it, don't let people log in to different browsers/devices. When they try to login, state "already logged in on another place, want to log that one our and log in here?" etc

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 关于#opencv#的问题:使用大疆无人机拍摄水稻田间图像,拼接成tif图片,用什么方法可以识别并框选出水稻作物行
  • ¥15 Python卡尔曼滤波融合
  • ¥20 iOS绕地区网络检测
  • ¥15 python验证码滑块图像识别
  • ¥15 根据背景及设计要求撰写设计报告
  • ¥20 能提供一下思路或者代码吗
  • ¥15 用twincat控制!
  • ¥15 请问一下这个运行结果是怎么来的
  • ¥15 单通道放大电路的工作原理
  • ¥30 YOLO检测微调结果p为1